A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software. The vulnerability (CVE-2018-0141) is due to a hard-coded password for Secure Shell (SSH) A local attacker could be exploited by a local attacker to connect to the PCP’s Linux operating system. With low-level privileges, an attacker could then elevate its privileges to root and take full control of the affected devices. The company has also patched a critical Java deserialization vulnerability affecting its Secure Access Control System (ACS)
Source: https://thehackernews.com/2018/03/cisco-pcp-security.html